summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity
diff options
context:
space:
mode:
authorCatalin Enache <catalin.enache@windriver.com>2016-04-18 15:52:16 +0300
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-04-18 16:27:45 +0100
commit2fc84114c6323bf1e3d3598af52dd1523168c9fc (patch)
tree4391a6f94785244e93e656969d0d2897b0bd88a6 /meta/recipes-connectivity
parentb18134ddaf949b4f001a1613ab876aed6324040a (diff)
downloadopenembedded-core-2fc84114c6323bf1e3d3598af52dd1523168c9fc.tar.gz
openembedded-core-2fc84114c6323bf1e3d3598af52dd1523168c9fc.tar.bz2
openembedded-core-2fc84114c6323bf1e3d3598af52dd1523168c9fc.zip
dhcp: CVE-2016-2774
ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2774 Signed-off-by: Catalin Enache <catalin.enache@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Diffstat (limited to 'meta/recipes-connectivity')
-rw-r--r--meta/recipes-connectivity/dhcp/dhcp/CVE-2016-2774.patch65
-rw-r--r--meta/recipes-connectivity/dhcp/dhcp_4.3.3.bb1
2 files changed, 66 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/dhcp/dhcp/CVE-2016-2774.patch b/meta/recipes-connectivity/dhcp/dhcp/CVE-2016-2774.patch
new file mode 100644
index 0000000000..4836dbc2ac
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/dhcp/CVE-2016-2774.patch
@@ -0,0 +1,65 @@
+From b9f56d578ebfd649b5d829960540859ac6ca931c Mon Sep 17 00:00:00 2001
+From: Catalin Enache <catalin.enache@windriver.com>
+Date: Tue, 12 Apr 2016 18:23:31 +0300
+Subject: [PATCH] Add patch to limit the value of an fd we accept for a
+ connection.
+
+By limiting the highest value we accept for an fd we limit the number
+of connections.
+
+Upstream-Status: Backport
+CVE: CVE-2016-2774
+
+Author: Shawn Routhier <sar@isc.org>
+Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
+---
+ includes/site.h | 6 ++++++
+ omapip/listener.c | 9 +++++++--
+ 3 files changed, 18 insertions(+), 2 deletions(-)
+
+diff --git a/includes/site.h b/includes/site.h
+index 9c33de3..df020c8 100644
+--- a/includes/site.h
++++ b/includes/site.h
+@@ -290,6 +290,12 @@
+ this option will be removed at some time. */
+ /* #define INCLUDE_OLD_DHCP_ISC_ERROR_CODES */
+
++/* Limit the value of a file descriptor the serve will use
++ when accepting a connecting request. This can be used to
++ limit the number of TCP connections that the server will
++ allow at one time. A value of 0 means there is no limit.*/
++#define MAX_FD_VALUE 200
++
+ /* Include definitions for various options. In general these
+ should be left as is, but if you have already defined one
+ of these and prefer your definition you can comment the
+diff --git a/omapip/listener.c b/omapip/listener.c
+index 8bdcdbd..61473cf 100644
+--- a/omapip/listener.c
++++ b/omapip/listener.c
+@@ -3,7 +3,7 @@
+ Subroutines that support the generic listener object. */
+
+ /*
+- * Copyright (c) 2012,2014 by Internet Systems Consortium, Inc. ("ISC")
++ * Copyright (c) 2012,2014,2016 by Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (c) 2004,2007,2009 by Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (c) 1999-2003 by Internet Software Consortium
+ *
+@@ -233,7 +233,12 @@ isc_result_t omapi_accept (omapi_object_t *h)
+ return ISC_R_NORESOURCES;
+ return ISC_R_UNEXPECTED;
+ }
+-
++
++ if ((MAX_FD_VALUE != 0) && (socket > MAX_FD_VALUE)) {
++ close(socket);
++ return (ISC_R_NORESOURCES);
++ }
++
+ #if defined (TRACING)
+ /* If we're recording a trace, remember the connection. */
+ if (trace_record ()) {
+--
+2.7.4
diff --git a/meta/recipes-connectivity/dhcp/dhcp_4.3.3.bb b/meta/recipes-connectivity/dhcp/dhcp_4.3.3.bb
index 970617ff92..4e8cd272b8 100644
--- a/meta/recipes-connectivity/dhcp/dhcp_4.3.3.bb
+++ b/meta/recipes-connectivity/dhcp/dhcp_4.3.3.bb
@@ -8,6 +8,7 @@ SRC_URI += "file://dhcp-3.0.3-dhclient-dbus.patch;striplevel=0 \
file://replace-ifconfig-route.patch \
file://CVE-2015-8605.patch \
file://0001-site.h-enable-gentle-shutdown.patch \
+ file://CVE-2016-2774.patch \
"
SRC_URI[md5sum] = "c5577b09c9017cdd319a11ff6364268e"